
Issues with NetBotz Appliances in Post-Only Mode and Some Firewalls

Default configurations of some IP-based firewalls may cause problems with NetBotz appliances operating in Post-Only mode, because NetBotz appliances insert custom information into the HTTP headers.

NetBotz appliances in post-only mode must include additional identification and session information in all HTTP traffic sent to a NetBotz Central. Many firewalls that perform packet inspection may remove the custom / proprietary headers from the HTTP traffic or drop the packets altogether. Either of these actions will leave the NetBotz appliances unable to communicate with a NetBotz Central in post-only mode.

The symptom is NetBotz appliances in post-only mode that can NOT successfully register with the NetBotz Central. The firewall's log may indicate that the packets from the NetBotz appliance contain proprietary or unknown headers.

The solution is to change the configuration on the firewall to not remove unknown / proprietary headers or not drop packets with this information.

NetBotz has discovered that WatchGuard Firewalls are configured by DEFAULT to strip out unknown headers. To change the configuration on a WatchGuard Firewall, use this procedure:

* From the WatchGuard Policy Manager, bring up the current configuration for the Firewall
* Double-click on the HTTP service
* Choose the properties tab
* Choose the settings button
* Uncheck "Remove unknown headers"
* Click the OK button
* Click the OK button again to exit the HTTP service configuration
* Save the configuration for the changes to take effect.
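One way to confirm whether a firewall on the path strips unknown headers, before and after the change, is to POST probe headers through it to a small echo listener and compare what arrives. This is an added example, not NetBotz or WatchGuard code; the `X-Example-*` header names are constructed placeholders (the actual NetBotz header names are not given here), and `simulate_known_only` is a hypothetical switch that imitates a stripping firewall for an offline run.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class EchoHeaders(BaseHTTPRequestHandler):
    """Listener for the server side of the firewall: replies with the header names it saw."""
    simulate_known_only = None  # hypothetical: set of lowercase names to imitate stripping

    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        allow = self.simulate_known_only
        names = [k.lower() for k in self.headers.keys()
                 if allow is None or k.lower() in allow]
        body = json.dumps(names).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the console quiet
        pass


def start_echo_server(host="127.0.0.1", port=0):
    server = HTTPServer((host, port), EchoHeaders)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def stripped_headers(host, port, probe_headers, timeout=5):
    """Return the probe header names that did not reach the listener.
    A firewall that drops the packets instead shows up as a timeout or
    connection error (OSError) rather than a return value."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("POST", "/", body=b"probe", headers=probe_headers)
        received = set(json.loads(conn.getresponse().read()))
    finally:
        conn.close()
    return sorted(h for h in probe_headers if h.lower() not in received)


if __name__ == "__main__":
    srv = start_echo_server()  # loopback demo; place the listener behind the firewall in practice
    probe = {"X-Example-Appliance-Id": "abc", "X-Example-Session": "123"}  # constructed
    print("stripped:", stripped_headers("127.0.0.1", srv.server_address[1], probe))
    srv.shutdown()
```

An empty list means the probe headers passed through intact; any names returned were removed in transit.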